The traditional payment method for businesses is the transmittal of a paper document authorizing payment from a payer to a payee, known as a check. With this payment method, the payment transaction starts with a paper document sent from the payer to the payee. The paper check remains in the hands of the payee for a short time before it is deposited to the payee's bank (assuming the payee is an efficient business entity). The check then physically passes through the clearing process until it reaches the payer's bank. If the payer has sufficient funds, the payment transaction ends there (the check may be returned to the payer). Otherwise, the refused check follows the reverse route to the payee's bank and then to the payee (with a non sufficient funds notice).
This process is intrinsically inefficient since it involves physical movement of a piece of paper (see the book by Furash & Company, Banking Role In Tomorrow's Payments System--Volume II--Payments System Overview, The Banker's Roundtable, June 1994). By comparison, the information contents of a check could move almost instantaneously on a data communications network. The delays associated with the check payment system induce financial risk or uncertainty about the finality of the payment. Despite these weaknesses, paper checks are still the predominant payment method next to cash, with 59.4 billion checks processed by the US check clearing system in 1993 (see the article by Scott E. Knudson, Jack K. Walton II, and Florence M. Young, Business-to-Business Payments and the Role of Financial Electronic Data Interchange, Federal Reserve Bulletin, April 1994).
The banking industry is constantly looking for technological improvements to make the check processing more efficient, or to replace check payment with other payment methods.
An interesting improvement to the check processing system is the check image capture and truncation (see the book by Furash & Company, Banking Role In Tomorrow's Payments System--Volume II--Payments System Overview, The Banker's Roundtable, June 1994, page 13). With this technique, a digitized image of the check is taken at one point in the check process and the digitized image then replaces the check for further processing. Once scanned, the check itself is archived. The earlier the scanning operation occurs, the greater are the benefits of check truncation. In a sense, the present invention extends the idea of check truncation up to the payer's office: the required scanner is included in the payer's fax machine.
Alternatives to traditional check payment include bill payment at automated teller machines (idem, page 110), debit transactions at point-of-sale terminals (idem, page 111), customer activated terminals (idem, page 112), and banking by phone, personal computer, or interactive TV (idem, page 113). Such payment methods where the payment settlement is done substantially in real time with the transaction entry are covered by U.S. Pat. No. 5,220,501. See the interview with H. Robert Heller by Robert A. Bennet, VISA's Big Worry: Becoming a Monopoly, United States Baker, February 1992, at page 26, about the distinction between off-line and real-time payment settlement.
Financial Electronic Data Interchange (EDI) is a marginal payment method in terms of transaction volume, but it is significant in terms of payment system user needs (see the article by Scott E. Knudson, Jack K. Walton II, and Florence M. Young, Business-to-Business Payments and the Role of Financial Electronic Data Interchange, Federal Reserve Bulletin, April 1994). With financial EDI, the payer prepares a payment transaction using his payables accounting software and electronically transmits the transaction including the payment information and the remittance data (typically the list of invoices paid). The payee receives electronic notification of the transaction in his receivables accounting package and its treasury standing is updated automatically. The U.S. payment system currently does not handle useful remittance data along with the payment transactions as in the case of financial EDI, irrespective of the payment method used (see the book by Furash & Company, Banking Role In Tomorrow's Payments System--Volume I--Ensuring a Role for Banks, The Banker's Roundtable, June 1994, p 22). For this reason, the financial EDI payment requires an EDI service provider for the non-financial part of the transaction. The present invention aims at providing equivalent convenience to the payee as financial EDI does.
To prevent fraud, the alternative payment methods require some form of communications security. The level of security provided by conventional facsimile machines (see the article by S. L. Berry, Faxpionnage: A New Threat Hits Mahogany Row, Management Review, July 1990 and the article by Michael Beacon, Assessing Public Network Security, Telecommunications, North American Edition, Vol. 23, Number 12, December 1989) is insufficient to be used for banking by fax.
Many contributions in the prior art of modern cryptography are used or may be used to provide the required security for the banking industry. The theoretical work for secure communications systems is reviewed in the book by Gilles Brassard, Modern Cryptology, Lecture Notes in Computer Science no. 325, Springer-Verlag, 1988 and is reflected in U.S. Pat. Nos. 4,200,770, 4,405,829 and 4,995,082. This prior art consists of elements of solutions, cryptographic methods, and specialized apparatuses. The provision of an effective protection in a given application context requires careful design of operational rules and complete systems. Despite the significant capabilities of the prior art of modern cryptology, it is not applied on a large scale (see the article by Stephen Kent et al., Codes, Keys and Conflicts: Issues in U.S. Crypto Policy, Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM), Association for Computing Machinery, June 1994, page 12).
Recent developments in the area of Open Systems Interconnection security (see the ISO/IEC 7498-2:1989 and ISO/IEC TR 13594:1994 standard specifications) are aimed at facilitating the use of secure communication in existing non-secure networks. Methods for obtaining effective proofs of message transmission and message delivery are described in ISO/IEC 10181-4. This prior art relates protections as known by the end-users to cryptographic techniques which are referred to in generic terms. This prior art is intentionally conceptual. It reflects commonly agreed views rather than specific solutions. An implementation based on this prior art requires further inventive process. This level of abstraction extends to security protocol as in ISO/IEC 11577:1994 where cryptographic algorithms are left unspecified.
A very influential trend in cryptography is the so-called public key cryptography (see the book by Th. Beth, M. Frisch, G. J. Simmons, Public-Key Cryptography: State of the Art and Future Directions, Lecture Notes in Compute Science no. 578, Springer-Verlag, 1991). The prior art of public key cryptography is based on key pairs containing a private key and a public key. The private key is never divulged because the public key is sufficient for to encrypt a message to the private key holder and for digital signature verification. A single entity should use a given private/public key pair. There are appropriate algorithms to select a private/public key pair from a huge set of possible values. When combined with truly random bit generators, they ensure uniqueness of a private/public key pair.
With the notion of digital signatures from the public key cryptography, it is possible to secure the integrity and origin of a message without encrypting it (see the article by Stephen Kent et al., Codes, Keys and Conflicts: Issues in U.S. Crypto Policy, Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM), Association for Computing Machinery, June 1994, page 26). The prior art of ISO/IEC 11577 is an example of a security protocol where authentication service may be provided with or without confidentiality protection.
The prior art of public key cryptography suggests the use of hashing algorithms in the form of a Manipulation Detection Code (MDC) prior to the digital signature algorithm which is generally too compute-intensive to be practical for long messages.
The task of cryptographic key management is critical to any security system. In the case of public key cryptography, it is described in the publication by RSA Laboratories, Answers to Frequently Asked Questions About Today's Cryptography, revision 2.0, RSA Data Security, Inc., October 1993, section 3. Specific prior art in this area includes the appendix C of ISO/IEC 11577 and the CCITT Recommendation X.509. The known ISO and CCITT standards regarding communications security introduced the notion of "security labels" for small pieces of information carried within a security protocol outside the normal message to indicated the security level (such as classified, secret, or top secret) or other characteristics of the message contents.
The application of public key cryptographic techniques for facsimile transmission in the context of remote banking services has not been previously envisioned to establish a new payment method (see the article by Mark Arend, Are Visa and MasterCard on the right track?, ABA Banking journal, September 1993, and the book by Furash & Company, Banking Role In Tomorrow's Payments System--Volume I--Ensuring a Role for Banks, The Banker's Roundtable, June 1994). A possible cause for this is the apparent difficulty in applying public key cryptography to the analog facsimile protocol. Public key cryptography is well suited to data communications where protocol extensions are easier to implement. In contrast, CCITT Group 3 facsimile protocol has little in common with data communications protocol.
Group 3 protocol is defined in the well known CCITT recommendations T.4 and T.30. The conversion of Group 3 facsimile protocol to and from a data communications protocol is covered by CCITT recommendations X.5, X.38, and X.39. This data communications protocol is X.25 described in CCITT recommendation X.25, ISO/IEC 8208 and ISO/IEC 7776. This data communications protocol may be made secure using the ISO/IEC 11577:1994 standard. Although these standardized protocols were created to accommodate each other, their combination has not been described in the prior art as a means of achieving secure facsimile transmission. The protocol conversion of CCITT recommendations X.5, X.38, and X.39 allows full duplex communication with error correction where the CCITT recommendation T.4 and T.30 supports only half duplex communication. Full duplex communication with error correction is a much easier environment for implementing public key cryptography.
References to prior art taking the form of standardized protocol do not imply strict compliance to the standard documents. This prior art may instead be used as guidelines to design a protocol process applying public key cryptography to the analog facsimile protocol. For instance, if X.25 data communication must be carried over the public switched telephone network as in the case of conventional facsimile transmission, then ISO/IEC 10732:1993 may be of interest. The existence of this prior art shows at least one avenue for applying public key cryptography to the analog facsimile protocol.
Even if the feasibility of secure facsimile transmission is ascertained and if the potential benefits of public key cryptography are within reach, there is still much uncertainty about the compatibility of payment by fax with the prevailing business practice.
In modernized small and medium businesses, accounting is typically done with a personal computer accounting software package. Personal computers traditionally lack security features. In addition, effective computer security is management-intensive. See the publication by Blaine Haine, Security Features of Windows NT, Proceedings of the Sixth Canadian Computer Security Symposium, pp 71-91, Communications Security Establishment, Government of Canada, 1994. For these reasons small business financial controls and auditing are still based on traditional methods. Auditing is mainly based on paper records of transactions. Financial controls are often limited to signing checks by the principals of the business. There may be more than one authorized signatory of a business bank account. The secure access control required for replacing the paper check with banking by personal computer may be hard to implement in a way that fits the small and medium business requirements. In addition, compatibility problems with the many existing accounting software packages may impede the acceptance of banking by personal computer. This compatibility issue is already impeding the penetration of EDI.
In the business world, Group 3 facsimile machines are ubiquitous. It is a flexible communications means accommodating almost any type of visual information, thus less threatened by compatibility problems. Facsimile is increasingly used in mixed environments where one party has an actual facsimile machine and the other party uses a facsimile interface to a computer. Examples includes fax-on-demand service, electronic mail delivery by fax, and direct fax transmission from a personal computer. Means of controlling the access to a facsimile machine or to the facsimile transmission capability of a computer system are conceivable but not readily available (see the publication by International Verifact, Setting new Standards of Excellence in Point-of-Sale/Debit transactions through technology and vision, product line litterature of International Verifact Inc., Toronto, Ontario, Canada, distributed with the International Verifact Inc. 1994 Annual Report, 1994 and the book by Gilles Brassard, Modern Cryptology, Lecture Notes in Computer Science no. 325, Springer-Verlag, 1988 section 5.3).
In cases where an access control device is located on customer premises, a special type of access control threat has to be prevented: if one may access the private key of a private/public pair by opening the device and probing its circuits without this being noticed, digital signature forgery may occur. For this type of threat, anti-tamper protection may be required. This refers to physical protection of the electronic circuitry against undetected tampering (see the publication by International Verifact, Setting new Standards of Excellence in Point-of-Sale/Debit transactions through technology and vision, product line litterature of International Verifact Inc., Toronto, Ontario, Canada, distributed with the International Verifact Inc. 1994 Annual Report, 1994 and the application brief entitled Tamper Detector for Touch Memory, at page 81 of 50 Ways to Touch Memory, second edition, Dallas Semiconductor, Dallas, Tex., October 1992).
Any new payment method has to offer economic benefits. Out of the 59.4 billions checks processed in 1993, 40% were issued by businesses (see the article by Scott E. Knudson, Jack K. Walton II, and Florence M. Young, Business-to-Business Payments and the Role of Financial Electronic Data Interchange, Federal Reserve Bulletin, April 1994). In retail banking, processing a check costs $0.68 while an electronic counterpart would typically halve that cost (see the book by Furash & Company, Banking Role In Tomorrow's Payments System--Volume II--Payments System Overview, The Banker's Roundtable, June 1994, p 108). The overall cost of a payment by a business is reported to be $8.33 (idem, p 40), with savings if electronic payments are used.
To materialize economic benefits, a new payment method has to exploit the same productivity tools as the existing payment systems. These tools include optical character recognition and optical mark recognition currently in operation with the imaging systems used in check truncation.
A payment transaction ultimately involves the transfer of monetary value from the payer's bank to the payee's bank, with some related information. Electronic payments are supported by EFT networks that provide the actual payment ability, including the required settlement process between the two banks. Automated Clearing Houses (ACH) in the U.S. and the Direct Funds Transfer System (DFTS) in Canada are examples of EFT networks.
To ensure optimum availability of a service accessed through a telecommunications network, various network features are available such as automated call distribution, call redirection, and direct inward dialing.